15946 matches found
Vulnerabilities in D-Link, Comba Routers Can Leak Credentials
Researchers have discovered vulnerabilities in D-Link and Comba Telecom routers that can leak passwords for the devices and have the potential to affect every user on networks that use them for access. Trustwave SpiderLabs Security Researcher Simon Kenin discovered the vulnerabilities—two in a...
Former AWS Engineer Arrested as Capital One Admits Massive Data Breach
A massive breach of Capital One customer data has hit more than 100 million people in the U.S. and 6 million in Canada. Thanks to a cloud misconfiguration, a hacker was able to access to credit applications, Social Security numbers and bank account numbers in one of the biggest data breaches to...
Microsoft Brings HSTS to Windows 7 and 8.1
In the midst of a relatively light Patch Tuesday, Microsoft yesterday introduced an extra measure of security for users running Internet Explorer 11 on Windows 7 and Windows 8.1 machines: HSTS. Short for HTTP Strict Transport Security, HSTS is a browser header that forces any sessions sent over...
Army Research Lab Releases Dshell Forensics Framework
The U.S. Army has released to open source an internal forensics analysis framework that the Army Research Lab has been using for some time. The framework, known as Dshell, is a Python tool that runs on Linux and its designed to help analysts investigate compromises within their environments. The...
Microsoft Re-Releases Broken Security Patch MS14-045
Microsoft today re-released security bulletin MS14-045, which was pulled shortly after the August Patch Tuesday updates because a number of users reported crashes and blue screens. The patch was removed from Windows Update on Aug. 15, three days after it was released as part of Microsoft’s monthl...
Follina Exploited by State-Sponsored Hackers
Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-bas...
MSHTML Flaw Exploited to Attack Russian Dissidents
A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. Researchers from MalwareBytes identified a campaign last we...
Bizarro Banking Trojan Sports Sophisticated Backdoor
A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentia...
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Hewlett Packard Enterprise HPE is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Join Threatpost for “Fortifying Your Business Against...
Nation-State Attackers Actively Target COVID-19 Vaccine-Makers
Three nation-state cyberattack groups are actively attempting to hack companies involved in COVID-19 vaccine and treatment research, researchers said. Russia’s APT28 Fancy Bear, the Lazarus Group from North Korea and another North Korea-linked group dubbed Cerium are believed to be behind the...
Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
A ransomware attack reportedly caused an Arkansas-based telemarketing company to temporarily suspend its operations, leaving hundreds of employees unsure that they still had jobs days before Christmas. The Heritage Company, a 61-year-old telemarketing firm that works with nonprofit organizations,...
Elegant sLoad Carries Out Spying, Payload Delivery in BITS
A fresh analysis of the trojan sLoad sheds light on the growing trend of advanced malware “living off the land” of a targeted system and successfully evading detection and carrying out malicious activities. SLoad is a PowerShell downloader type of malware and is known for its impressive...
Cybercriminals Adding Sophistication to BEC Threats
Cybercriminals are boosting their game and employing new tactics to move up the chain of command with more sophisticated business email compromise BEC threats that pose a greater threat to organizations, according to a new report. Advanced BEC attacks–including impersonation attacks and CEO...
Millions of Linux Servers Under Worm Attack Via Exim Flaw
A widespread campaign is exploiting a vulnerability in the Exim mail transport agent MTA to gain remote command-execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit. Specifically under...
Verizon Data Breach Report: Espionage, C-Suite and Cloud Attacks on the Rise
Corporate espionage is on the rise as a motivation for cyberattacks, with a full quarter of all network compromises associated with reconnaissance and data exfiltration in the last 12 months. However, financially motivated attacks aren’t going anywhere; social-engineering attacks aimed at stealin...
ShadowBrokers' Windows Zero-Days Already Patched
Hours after what was thought to be a damaging release of NSA hacking tools for Windows systems, Microsoft quelled some anxiety with a late-night statement on Friday that most of the vulnerabilities disclosed by the ShadowBrokers had already been patched. The biggest surprise was that the most...
Windows Update for Business Uproots Patch Tuesday
Scheduled patch deliveries are so last decade—and thankfully, it looks like they’re over when it comes to Microsoft Patch Tuesday. Microsoft this week at its Ignite event introduced its new security update scheme called Windows Update for Business, which debuts in Windows 10 with several new...
Microsoft Implements Windows Zerologon Flaw 'Enforcement Mode'
Microsoft is taking matters into its own hands when it comes to companies that haven’t yet updated their systems to address the critical Zerologon flaw. The tech giant will soon by default block vulnerable connections on devices that could be used to exploit the flaw. Starting Feb. 9, Microsoft...
CWT Travel Agency Faces $4.5M Ransom in Cyberattack, Report
CWT, a giant in the corporate travel agency world with a global clientele, may have faced payment of $4.5 million to unknown hackers in the wake of a ransomware attack. Independent malware hunter @JAMESWT tweeted on Thursday that a malware sample used against CWT formerly known as Carlson Wagonli...
Retail Org Cyberattacks Set to Soar 20% in 2019 Holiday Season
As cybercriminals grow more sophisticated and holiday shoppers continue to flock online, researchers warn internet-based retailers could face a 20 percent uptick in cyberattacks this holiday season compared to last year. In the report titled “Holiday Season Cyber Heists”, released Thursday mornin...
Intel Warns of Critical Info-Disclosure Bug in Security Engine
A critical security bug in the Intel Converged Security and Manageability Engine CSME could allow escalation of privilege, denial of service or information disclosure. The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staf...
ThreatList: Amidst Data Breaches, Account Creation Fraud Soars in 2019
The first half of 2019 saw a 13 percent increase in fraudulent activity compared to the previous six months, with a spike in June representing the highest-volume bot attack that’s been recorded since 2016, according to an analysis from LexisNexis Risk Solutions. The firm’s report, with data glean...
Flaw in Multiple Airline Systems Exposes Passenger Data
Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at...
ThreatList: Exploit Kits Still a Top Web-based Threat
What we can glean from a 2018 roundup of current web-threats is old vulnerabilities die hard. In a report, released by Palo Alto Networks Unit 42, researchers said so far this year cybercriminals are targeting unpatched PCs with ancient CVEs and well-known exploit kits. Here is a ThreatList from...
xDedic Market Spilling Over With School Servers, PCs
Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States. In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and legal firms mak...
Most Email Security Approaches Fail to Block Common Threats
On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research...
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks
A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users’ phone numbers, unique user IDs and other data ripe for phishing attacks. TikTok, owned by ByteDance, has more than 800 million active users worldwide. The vulnerability,...
Keeper Threat Group Rakes in $7M from Hundreds of Compromised E-Commerce Sites
Since its launch three years ago, the Keeper threat group has compromised more than 570 e-commerce websites, from online liquor stores to Apple product resellers. And experts warn of future, increasingly sophisticated attacks against online merchants worldwide. The Keeper group, a faction of the...
Exploit Fully Breaks SHA-1, Lowers the Attack Bar
A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 SHA-1 code-signing encryption, used by legacy computers to sign the certificates that authenticate software downloads and prevent man-in-the-middle tampering. The exploit was developed by...
Black Friday Shoppers Targeted By Scams and Fake Domains
Black Friday and Cyber Monday-related scams are nothing new — but researchers warn that this year, they are seeing an uptick in scams using more sophisticated methods to lure users to hand over their payment data. Research released Tuesday by ZeroFOX uncovered some of the threats that attackers a...
LastPass Fixes Bug That Leaks Credentials
LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...
Black Hat 2019: Microsoft Protocol Flaw Leaves Azure Users Open to Attack
LAS VEGAS – A path-traversal vulnerability in Microsoft’s Remote Desktop Protocol RDP leaves unpatched Azure customers open to attack. The flaw could allow for a virtual machine VM escape in Microsoft’s Hyper-V Manager, part of its Azure cloud platform. Researchers with Check Point at a Wednesday...
Cisco Starts Patching Firmware Bug; Millions of Devices Still Vulnerable
Cisco has issued a handful of firmware releases for a high-severity vulnerability in Cisco’s proprietary Secure Boot implementation that impacts millions of its hardware devices, across the scope of its portfolio. The patches are the first in a planned series of firmware updates that will roll ou...
Critical RCE Bug in Cisco WebEx Browser Extensions Faces 'Ongoing Exploitation'
A critical vulnerability in Cisco WebEx browser extensions that could allow unauthenticated remote code-execution RCE on targeted machines is being actively exploited in the wild. The news comes just days after Cisco issued a flurry of 24 different patches for its IOS XE operating system and warn...
Active Scans Target Vulnerable Cisco Routers for Remote Code-Execution
UPDATE Malicious scanning activity targeting Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers is underway, with a swell of opportunistic probes looking for vulnerable devices ramping up since Friday. According to Bad Packets Report’s honeypot data, cyberattackers are targeting a...
Apache Foundation Refutes Involvement in Equifax Breach
A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage with those claims over the weekend. René Gielen, vice president of the Apache Struts Project Management Committee PMC at the Apache Software Foundation, wrote Saturday th...
Hacking Team Flash Zero Day Weaponized in Exploit Kits
Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team. Experts, including French researcher Kafeine and a number of others from security companies, revealed last night...
Elasticsearch Elastichoney Honeypot Shows 8,000 RCE Attacks
Hackers have taken an interest in Elasticsearch, a popular enterprise search engine. A researcher based in Texas, whose own Elasticsearch server was hacked, today published results collated from a honeypot he built to get a sense of how widespread attacks are against the vulnerability that did in...
Red October Attackers Return With CloudAtlas APT Campaign
The attackers behind the Red October APT campaign that was exposed nearly two years ago have resurfaced with a new campaign that is targeting some of the same victims and using similarly constructed tools and spear phishing emails. Red October emerged in January 2013 and researchers found that th...
Scenes from Black Hat USA 2013
!More from Wednesday’s Legal Access Panel Briefinghttps://media.threatpost.com/wp-content/uploads/sites/103/2013/08/07043123/panel.j...
Ransomware Attacks are on the Rise
After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service RaaS groups. With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they...
‘Trojan Source’ Hides Invisible Bugs in Source Code
Researchers have found a new way to encode potentially evil source code, such that human reviewers see a harmless version and compilers see the invisible, wicked version. Named “Trojan Source attacks,” the method “exploits subtleties in text-encoding standards such as Unicode to produce source co...
Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Threat actors exploited an unpatched Citrix flaw to breach the network of the U.S. Census Bureau in January in an attack that was ultimately halted before a backdoor could be installed or sensitive data could be stolen, according to a report by a government watchdog organization. However,...
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from...
2021 Healthcare Cybersecurity Priorities: Experts Weigh In
Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most...
Zoom Zero-Day Allows RCE, Patch on the Way
UPDATE A newly discovered bug in the Zoom Client for Windows could allow remote code-execution, according to researchers at 0patch, which disclosed the existence of the flaw on Thursday after pioneering a proof-of-concept exploit for it. The issue was confirmed for Threatpost by a Zoom...
BlueLeaks Server Seized By German Police: Report
German authorities have reportedly seized a server hosting the massive BlueLeaks data dump, which was released earlier in June and exposed thousands of sensitive police department and law enforcement files. According to a Wednesday report by PCMag, the server was based in Falkenstein, Germany and...
News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks
Threatpost editors Tom Spring, Tara Seals and Lindsey O’Donnell-Welch talk about the biggest news stories of the week ended May 1, including: A “PhantomLance” espionage campaign discovered targeting specific Android victims, mainly in Southeast Asia — which could be the work of the OceanLotus APT...
Trend Micro Fixes Critical Flaws Under Attack
Trend Micro has released security updates patching five vulnerabilities in its endpoint security solutions, Apex One and OfficeScan XG for Windows. Specifically, Apex One 2019 and OfficeScan XG SP1 and XG are affected by four critical-severity and one high-severity flaws. Two of these...
No 'Silver Bullet' Fix for Alexa, Google Smart Speaker Hacks
Researchers this week disclosed new ways that attackers can exploit Alexa and Google Home smart speakers to spy on users. The hacks, which rely on the abuse of “skills,” or apps for voice assistants, allow bad actors to eavesdrop on users and trick them into telling them their passwords over the...